REMARKS

This Amendment is filed in response to the Office Action mailed July 16, 2007. 
The Applicant respectfully requests reconsideration. The objections and rejections are 
respectfully traversed. 

Claims 1-24 are pending in the case. 

No claims have been amended. 

No claims have been added. 

Specification 

At paragraphs 15-16 of the Final Office Action, the Examiner comments that "the 
trademark Cisco Systems has been noted on page 13 and 14 in the application" and re- 
quests it be accompanied by generic terminology. 

The Applicant respectfully requests this be reconsidered. The Applicant refers to 
the corporation name "Cisco Systems, Inc." on pages 13 and 14 of the specification. Re- 
ferring to a corporation by name is quite different than using a term as a trademark. As 
such, the Applicant urges that the specification's wording is proper. 

Claim Rejections - 35 U.S.C. §101 

At paragraphs 17-18 of the Final Office Action, claims 18-23 were rejected under
35 U.S.C. §101.

The Applicant respectfully requests reconsideration of this rejection. MPEP 
§2106.01(1) discusses computer listings per se and reads in part (emphasis added): 

Computer programs are often recited as part of a claim. USPTO 
personnel should determine whether the computer program is being 
claimed as part of an otherwise statutory manufacture or machine. In 
such a case, the claim remains statutory irrespective of the fact that a 
computer program is included in the claim. The same result occurs when 
a computer program is used in a computerized process where the computer 
executes the instructions set forth in the computer program. Only when 
the claimed invention taken as a whole is directed to a mere program 
listing, i.e., to only its description or expression, is it descriptive material
per se and hence nonstatutory. 



The Applicant's claims are directed as a whole to statutory machines or manufac- 
tures, and not only to computer programs as listings. Claim 18, representative in part of 
claims 18-23, reads: 



18. An apparatus that implements port-based network access control at a
shared media port, the shared media port being coupled to a plurality of 
client nodes, the apparatus comprising: 

means for partitioning the shared media port into a plurality of 
logical subinterfaces, each logical subinterface dedicated to providing ac- 
cess to a different network or subnetwork accessible through the interme- 
diate node; 

means for receiving a data packet at the shared media port from 
a first client node; 

means for associating the received data packet with a first logical 
subinterface in the plurality of logical subinterfaces; 

means for determining whether the first client node is authenticated
to communicate over the first logical subinterface's dedicated
network or subnetwork; and

means for forwarding the received data packet over the first
logical subinterface's dedicated network or subnetwork.

The claimed apparatus includes means for receiving a data packet at the shared 
media port from a first client node and means for forwarding the received data packet 
over the first logical subinterface's dedicated network or subnetwork, each means
having corresponding structure that includes tangible hardware.

The Applicant respectfully directs the Examiner's attention to page 13, lines 12- 
24 of the specification which (among other portions of the specification) recites structures 
corresponding to the means of receiving and means for forwarding. Page 12, lines 12-24 
read (emphasis added): 

The ports 300 and 260 are typically resident on one or more net- 
work interface cards (NIC) in the intermediate node 200, wherein each 
NIC is assigned a unique media access control (MAC) address. The port 
260 comprises the mechanical, electrical and signaling circuitry that enables
the intermediate node 200 to communicate over a, e.g., point-to-point
link, Ethernet link, optical link, wireless link or other physical link,
coupled to the Internet 150. In contrast, the shared media port 300 provides
the mechanical, electrical and signaling circuitry that enables
the node 200 to communicate over one or more physical links coupled 
to a plurality of client nodes 110. For example, the port 300 may in- 
clude an integrated hub or switch or may be attached to a "down- 
stream" hub or switch in the home LAN 140. Each port 300 and 260 is 
typically associated with a different network configuration. For instance, 
the ports may be associated with different IP configurations, virtual local 
area network (VLAN) configurations, authentication protocols and so 
forth. 



Accordingly, as these means plus function elements have corresponding structure 
that includes tangible hardware, the claim as a whole is not directed to only computer 
programs per se. Accordingly, the Applicant respectfully urges that the claims satisfy the 
requirements of 35 U.S.C. § 101 in light of the guidance provided by MPEP §2106.01(1). 

Claim Rejections - 35 U.S.C. §102 

At paragraphs 20-25 of the Final Office Action, claims 1-4, 14, 18, and 24 were 
rejected under 35 U.S.C. § 102(e) over Roese, U.S. Patent Application No. 2004/0158735 
(hereinafter Roese). 

The Applicant's claim 1, representative in part of the other rejected claims, sets
forth:

1. A method for implementing port-based network access control at a
shared media port in an intermediate node, the shared media port being 
coupled to a plurality of client nodes, the method comprising: 

partitioning the shared media port into a plurality of logical sub- 
interfaces, each logical subinterface dedicated to providing access to a 
different network or subnetwork accessible through the intermediate 
node; 

receiving a data packet at the shared media port from a first client
node;

associating the received data packet with a first logical subinterface
in the plurality of logical subinterfaces;

determining whether the first client node is authenticated to
communicate over the first logical subinterface's dedicated network or
subnetwork; and

if the first client node is determined to be authenticated to commu- 
nicate over the first logical subinterface's dedicated network or subnet- 
work, forwarding the received data packet over the first logical subinter- 
face's dedicated network or subnetwork. 

Roese discusses a port-based authentication scheme that follows the IEEE 802.1X
standard. A function (i.e., a device) is connected to a "network access port" of a "network
infrastructure device." See paragraph 0011. The "network access port" is associated
with a "logical controlled port" and a "logical uncontrolled port." See paragraphs 0011
and 0012. If an attached function (i.e., device) is not authenticated, it may only
communicate through the uncontrolled logical port. Upon authentication of the attached
function (i.e., device), the logical controlled port is enabled for use. See paragraph 0012.
Thus, in effect, the network access port has two states, one where the logical uncontrolled
port is used (i.e., an uncontrolled state), and one where the logical controlled port is used (i.e., a
controlled state). See paragraphs 0012 and 0015.

The Applicant respectfully urges that Roese is silent concerning the Applicant's
claimed "partitioning the shared media port into a plurality of logical subinterfaces,
each logical subinterface dedicated to providing access to a different network or
subnetwork accessible through the intermediate node" and "associating the received data
packet with a first logical subinterface in the plurality of logical subinterfaces"
and "determining whether the first client node is authenticated to communicate over
the first logical subinterface's dedicated network or subnetwork."

While the Applicant claims "partitioning the shared media port into a plurality
of logical subinterfaces" and associating and determining to provide access control at the
subinterface level, Roese simply discusses the IEEE 802.1X standard, which manages
access control at the port level. That is, in Roese a network access port has in effect two
states, one where the logical uncontrolled port is used (i.e., an uncontrolled state), and one
where the logical controlled port is used (i.e., a controlled state). See Roese paragraphs 0012
and 0015.

Operating at the port level may lead to a number of network security problems, as
discussed by the Applicant in the background section of the Application. For example,
the Applicant discusses at page 6, lines 9-22:

Network security problems often arise when both authorized and
unauthorized users communicate through a shared media port that is
configured to perform port-based network access control, such as 802.1X
authentication. As noted, the shared media port transitions from an
unauthorized to an authorized state once a user is authenticated at the port.
Consequently, unauthenticated users at client nodes coupled to the
shared media port may gain unauthorized access to the intermediate
node's services as soon as a user is authenticated at another client node
coupled to that port. In this situation, network security may be
compromised by the unauthenticated users coupled to the authorized
port. ... Unfortunately, the IEEE 802.1X standard does not address the
possibility of such security breaches at shared media ports.

The Applicant, in part, addresses the shortcoming of techniques such as those
discussed in Roese by "associating the received data packet with a first logical
subinterface in the plurality of logical subinterfaces" and "determining whether the first client
node is authenticated to communicate over the first logical subinterface's dedicated
network or subnetwork." In this manner, access control may be provided with a finer
granularity for a subinterface.
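
The difference argued above can be modeled in a few lines. The following is an added illustration, not code from the application or from Roese: it compares a single port-wide authorization state with state kept per client and logical subinterface. Selecting the subinterface by VLAN ID and identifying the client node by source MAC address are assumptions made for the example; the page does not specify either.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_mac: str  # identifies the client node (assumption)
    vlan_id: int  # selects the logical subinterface (assumption)

class PortLevelGate:
    """One authorization state for the whole shared media port."""
    def __init__(self):
        self.authorized = False
    def authenticate(self, mac):
        self.authorized = True  # any one client's success opens the port
    def forward(self, pkt):
        return self.authorized

class SubinterfaceGate:
    """Authorization tracked per (client, logical subinterface)."""
    def __init__(self, vlan_to_subif):
        self.vlan_to_subif = dict(vlan_to_subif)
        self.authenticated = set()
    def authenticate(self, mac, subif):
        if subif not in self.vlan_to_subif.values():
            raise ValueError(f"unknown subinterface: {subif}")
        self.authenticated.add((mac.lower(), subif))
    def forward(self, pkt):
        subif = self.vlan_to_subif.get(pkt.vlan_id)  # associate the packet
        if subif is None:
            return False  # no matching subinterface: drop
        return (pkt.src_mac.lower(), subif) in self.authenticated

# Constructed sample: two clients behind one shared port, two subinterfaces.
CLIENT_A, CLIENT_B = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
TRAFFIC = [Packet(CLIENT_A, 10), Packet(CLIENT_B, 10),
           Packet(CLIENT_A, 20), Packet(CLIENT_A, 99)]

def run_demo():
    """Only CLIENT_A authenticates; return (port-level, subinterface-level) per packet."""
    port = PortLevelGate()
    port.authenticate(CLIENT_A)
    subif = SubinterfaceGate({10: "home", 20: "corp"})
    subif.authenticate(CLIENT_A, "home")
    return [(port.forward(p), subif.forward(p)) for p in TRAFFIC]

if __name__ == "__main__":
    for pkt, (port_ok, subif_ok) in zip(TRAFFIC, run_demo()):
        print(pkt, "port-level:", port_ok, "subinterface-level:", subif_ok)
```

With only one client authenticated, the port-level gate forwards every packet on the shared port, while the per-subinterface gate forwards only that client's traffic on the subinterface it authenticated for.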

Accordingly, the Applicant respectfully urges that Roese is legally insufficient to
anticipate the present claims under 35 U.S.C. §102 because of the absence of the
Applicant's claimed novel "partitioning the shared media port into a plurality of logical
subinterfaces, each logical subinterface dedicated to providing access to a different
network or subnetwork accessible through the intermediate node" and "associating the
received data packet with a first logical subinterface in the plurality of logical
subinterfaces" and "determining whether the first client node is authenticated to communicate
over the first logical subinterface's dedicated network or subnetwork."

Claim Rejections - 35 U.S.C. §103 

At paragraphs 26-40 of the Final Office Action, claims 15, 8, 9, 11, 13, 15 17, 19
and 21-23 were rejected under 35 U.S.C. § 103(a) over Roese in view of Kwan et al., U.S.
Patent Application No. 2005/0055570 (hereinafter Kwan).

At paragraphs 41-47 of the Final Office Action, claims 6 and 10 were rejected
under 35 U.S.C. §103(a) over Roese in view of Kwan, in further view of Ng et al., U.S.
Patent Application No. 2005/0177865 (hereinafter Ng).

At paragraphs 48-51 of the Final Office Action, claims 7, 16 and 20 were rejected 
under 35 U.S.C. §103(a) over Roese in view of Haverinen et al., U.S. Patent Application 
No. 2004/0208151 (hereinafter Haverinen). 

At paragraphs 52-55 of the Final Office Action, claim 12 was rejected under 35
U.S.C. §103(a) over Roese in view of Kwan and in further view of Inoue et al., U.S. Patent
No. 6,891,819 (hereinafter Inoue).

The Applicant notes that all of the claims rejected under 35 U.S.C. §103 are
dependent claims which depend from independent claims believed to be allowable.
Accordingly, the dependent claims are also believed to be allowable for at least this reason as
well as for other separate reasons.

Should the Examiner believe telephonic contact would be helpful in the 
disposition of this Application, the Examiner is encouraged to call the undersigned 
attorney at (617) 951-2500. 

In summary, all the independent claims are believed to be in condition for
allowance and therefore all dependent claims that depend therefrom are believed to be in
condition for allowance. The Applicant respectfully solicits favorable action.

Please charge any additional fee occasioned by this paper to our Deposit Account
No. 03-1237.



Respectfully submitted, 




James A. Blanchette
Reg. No. 51,477 

CESARI AND MCKENNA, LLP 
88 Black Falcon Avenue 
Boston, MA 02210-2414 
(617) 951-2500






